diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index f4fee907348cba3a12d8272c02192bf0c3981f98..15adaa0e3d7af93122131ce4d2e6a27c17d0c7e0 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -24,14 +24,13 @@ try {
 
 	$idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('saml20-idp-hosted');
 	$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-	
-	$publiccert = $config->getPathValue('certdir') . $idpmeta['certificate'];
 
-	if (!file_exists($publiccert)) 
-		throw new Exception('Could not find certificate [' . $publiccert . '] to attach to the authentication resposne');
-	
-	$cert = file_get_contents($publiccert);
-	$data = XMLSecurityDSig::get509XCert($cert, true);
+	$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
+	$certFingerprint = $certInfo['certFingerprint'];
+	if (count($certFingerprint) === 1) {
+		/* Only one valid certificate. */
+		$certFingerprint = $certFingerprint[0];
+	}
 	
 	$logouttype = 'traditional';
 	if (array_key_exists('logouttype', $idpmeta)) $logouttype = $idpmeta['logouttype'];
@@ -45,7 +44,7 @@ try {
 		'SingleSignOnService' => $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted', array()),
 		'SingleLogoutService' => $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted', array('logouttype' => $logouttype)),
 		'SingleLogoutServiceResponse'  => $metadata->getGenerated('SingleLogoutServiceResponse', 'saml20-idp-hosted', array('logouttype' => $logouttype)),
-		'certFingerprint' => strtolower(sha1(base64_decode($data))),
+		'certFingerprint' => $certFingerprint,
 	);
 
 	if ($metaArray['SingleLogoutServiceResponse'] === $metaArray['SingleLogoutService']) {
@@ -54,7 +53,7 @@ try {
 
 	$metaflat = var_export($idpentityid, TRUE) . ' => ' . var_export($metaArray, TRUE) . ',';
 
-	$metaArray['certificate'] = $idpmeta['certificate'];
+	$metaArray['certData'] = $certInfo['certData'];
 	$metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
 	$metaBuilder->addMetadataIdP20($metaArray);
 	$metaBuilder->addContact('technical', array(
diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index f32d097e6450c7ddfa6d7be7f6efc1b9ab774d7c..fb43d6699737c59577b904297895a92b21553b39 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -31,11 +31,13 @@ try {
 		'SingleLogoutService' => $metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted'),
 	);
 
+	$certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta);
+	if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
+		$metaArray['certData'] = $certInfo['certData'];
+	}
+
 	$metaflat = var_export($spentityid, TRUE) . ' => ' . var_export($metaArray, TRUE) . ',';
 
-	if (array_key_exists('certificate', $spmeta)) {
-		$metaArray['certificate'] = $spmeta['certificate'];
-	}
 	$metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($spentityid);
 	$metaBuilder->addMetadataSP20($metaArray);
 	$metaBuilder->addContact('technical', array(
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index d5ecbfcf5b25b412c8ebf3c50ef6e4aba67d2af2..9599867e1197e0407703ce2cfda3477e3bd225ec 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -25,25 +25,23 @@ try {
 	$idpmeta = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrent('shib13-idp-hosted');
 	$idpentityid = isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted');
 	
-	$publiccert = $config->getPathValue('certdir') . $idpmeta['certificate'];
+	$certInfo = SimpleSAML_Utilities::loadPublicKey($idpmeta, TRUE);
+	$certFingerprint = $certInfo['certFingerprint'];
+	if (count($certFingerprint) === 1) {
+		/* Only one valid certificate. */
+		$certFingerprint = $certFingerprint[0];
+	}
 
-	if (!file_exists($publiccert)) 
-		throw new Exception('Could not find certificate [' . $publiccert . '] to attach to the authentication resposne');
-	
-	$cert = file_get_contents($publiccert);
-	$data = XMLSecurityDSig::get509XCert($cert, true);
-	
-	
 	$metaArray = array(
 		'name' => 'Type in a name for this entity',
 		'description' => 'and a proper description that would help users know when to select this IdP.',
 		'SingleSignOnService' => $metadata->getGenerated('SingleSignOnService', 'shib13-idp-hosted'),
-		'certFingerprint' => strtolower(sha1(base64_decode($data))),
+		'certFingerprint' => $certFingerprint,
 	);
 
 	$metaflat = var_export($idpentityid, TRUE) . ' => ' . var_export($metaArray, TRUE) . ',';
 	
-	$metaArray['certificate'] = $idpmeta['certificate'];
+	$metaArray['certData'] = $certInfo['certData'];
 	$metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($idpentityid);
 	$metaBuilder->addMetadataIdP11($metaArray);
 	$metaBuilder->addContact('technical', array(
diff --git a/www/shib13/sp/metadata.php b/www/shib13/sp/metadata.php
index 23dc81001fd625f70f7089e139a0caded1d782ed..57b81d94967664a9a8efd83c042ec61c7eda93bd 100644
--- a/www/shib13/sp/metadata.php
+++ b/www/shib13/sp/metadata.php
@@ -31,6 +31,11 @@ try {
 		'AssertionConsumerService' => $metadata->getGenerated('AssertionConsumerService', 'shib13-sp-hosted'),
 	);
 
+	$certInfo = SimpleSAML_Utilities::loadPublicKey($spmeta);
+	if ($certInfo !== NULL && array_key_exists('certData', $certInfo)) {
+		$metaArray['certData'] = $certInfo['certData'];
+	}
+
 	$metaflat = var_export($spentityid, TRUE) . ' => ' . var_export($metaArray, TRUE) . ',';
 
 	if (array_key_exists('certificate', $spmeta)) {